Wldeploy: EncryptionServiceException, Error decrypting Secret Key

Similar Messages

• Weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting Secret Key

  Hi all,
  I have one admin server 8 managed servers in cluster environment. I am using node
  manager to start managed servers. I used the demo certificate and private key
  file provided by BEA before getting my real certificate, but when I got the real
  certificate the node manager can't no more. The error I am getting is this :
  <Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <NodeManager: for information
  on command line options, try "java weblogic.nodemanager.NodeManager help">
  <Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <Starting NodeManager >
  Exception in thread "main" weblogic.security.internal.encryption.EncryptionServiceException:
  Error decrypting Secret Key
       at weblogic.security.internal.encryption.JSafeSecretKeyEncryptor.decryptSecretKey(JSafeSecretKeyEncryptor.java:119)
       at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:205)
       at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
       at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
       at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
       at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
  --------------- nested within: ------------------
  weblogic.security.internal.encryption.EncryptionServiceException - with nested
  exception:
  [weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting
  Secret Key]
       at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:226)
       at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
       at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
       at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
       at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
  here is the setting of node manager
  # Set user-defined variables.
  BEA_HOME="/opt/app/weblogic"
  WL_HOME=${BEA_HOME}/weblogic700
  NODEMGR_HOME=${BEA_HOME}/common/nodemanager/config
  JAVA_HOME=${BEA_HOME}/software/j2sdk1_3_1_06
  #Set NODEMANAGER variables
  NODEMANAGER_CERTIFICATEFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-cert.pem
  NODEMANAGER_KEYFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-key.der
  NODEMANAGER_KEYPASSWORD="wR2DfgiHjF0m4"
  NODEMANAGER_LISTENADDRESS="uxmwpr01"
  NODEMANAGER_LISTENPORT="5501"
  NODEMANAGER_REVERSEDNS="true"
  NODEMANAGER_SSLVERIFICATION="true"
  NODEMANAGER_STARTTEMPLATE=${NODEMGR_HOME}/startManagedWeblogic
  NODEMANAGER_SSLTRUSTED=${WL_HOME}/server/lib/cacerts
  NODEMANAGER_JAVASECURITY=${WL_HOME}/server/lib/weblogic.policy
  NODEMANAGER_TRUSTEDHOSTS=${NODEMGR_HOME}/nodemanager.hosts
  NODEMANAGER_NATIVEIO="true"
  ${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -classpath "${CLASSPATH}"
  -Dbea.home=${BEA_HOME} -Dweblogic.security.SSL.trustedCAKeyStore=${NODEMANAGER_SSLTRUSTED}
  -Djava.security.policy=${NODEMANAGER_JAVASECURITY} -Dweblogic.nodemanager.javaHome=${JAVA_HOME}
  -Dweblogic.ListenAddress=${NODEMANAGER_LISTENADDRESS} -Dweblogic.ListenPort=${NODEMANAGER_LISTENPORT}
  -Dweblogic.nodemanager.certificateFile=${NODEMANAGER_CERTIFICATEFILE} -Dweblogic.nodemanager.keyFile=${NODEMANAGER_KEYFILE}
  -Dweblogic.nodemanager.keyPassword=${NODEMANAGER_KEYPASSWORD} -Dweblogic.nodemanager.reverseDnsEnabled=${NODEMANAGER_REVERSEDNS}
  -Dweblogic.nodemanager.startTemplate=${NODEMANAGER_STARTTEMPLATE} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=${NODEMANAGER_SSLVERIFICATION}
  -Dweblogic.nodemanager.trustedHosts=${NODEMANAGER_TRUSTEDHOSTS} -Dweblogic.nodemanager.nativeVersionEnabled=${NODEMANAGER_NATIVEIO}
  weblogic.nodemanager.NodeManager

  "Jas" <[email protected]> wrote in message news:<3e657be5$[email protected]>...
  Hi,
  I am wondering if anyone has tried creating a domain on a weblogic server by copying
  and pasting an entire domain directory. ie. Copying %bea_home%\config\DomainName
  to the new installation %bea_home%\config\DomainName.
  When I do this I get the following error when starting up the weblogic server:
  "The WebLogic Server did not start up properly. Exception raised:
  weblogic.security.internal.encryption.EncryptionServiceException:Error decrypting
  Secret Key" when loading config.xml
  I assume this is because the weblogic system password is encrypted in the config.xml
  file. Is there anyway I can get around this so I can easily clone weblogic servers?
  Thanks,
  JasJas,
  Yeah the security key is tied to the server, what exactly are you
  trying to accomplish? Do you want seperate domains or servers? Are
  they on different physical servers?
  Also what version of wls? 6 or 7?
  Will try to help you if I can
  Steve

• How to  use Shared secret key(diffie hellman) for encryption n decryption

  In my client server program i wanted to encrypt a random key using shared secret key for encryption and decryption with DES. but i'm unable to encrypt it as init() is not takin the shared secret key for encryption. somebody please help. my mail id - [email protected]

  You need to post some code because it works for everyone else.

• Safest storage of secret keys

  In the process of developing our intranet, we are storing SSN
  information as well. Since this is confidential, I want to make
  sure I take the best practices in safe-guarding it. So how would
  you go about doing it?
  I was thinking I could use GenerateSecretKey() and then use
  Encrypt with AES, but my problem arises from, "do we store the
  generated secret key in the database?) Or is it better to use a
  value in the DB we hold on that individual person for a key?
  I understand that if I store it in the DB, then additional
  security measures include having to close off who gets access to
  reading data from database tables, and that's understandable, I'm
  just trying to devise the best COLDFUSION-related practices for
  storing confidential data.
  Cause in the same manner, if someone had access to read CF
  page code, they could see something like:
  <cfset mySSN = Decrypt( strHashedValue, users.key, "AES" )
  />
  And figure out what was being done (so I have to ensure FILE
  based security as well, but again, just within the realm of CF,
  what's the best thing to do?

  Here is how I have done this in the past - but there might be
  better methods with CF8.
  Yes you have to have a key. It is vulnerable. It should be
  stored off the web root in a file (with locked down permissions) or
  on a separate database preferably on a separate server. I use a
  file. CFinclude (or otherwise externally reference) the key into
  your encryption / decryption code. You don't want to hard code the
  key into your encryption / decryption routines directly because if
  that code somehow gets exposed in an error message (which shouldn't
  happen with catch/try but.....) then your key would be exposed.
  Make sense?
  You are banking on the idea that it is very unlikely,
  assuming you have good security practices, that a hacker is going
  to crack your DB AND the file you have the key stored in.
  No security is perfect.

• Add AAA Client Errors,Shared Secret value must not be blank.

  hello,
  When i add the AAA client to the ACS 4.2 90 eveluation software installed on win2003 std OS with SPk 1 gives the below error when entered the shared secret value then submitting it.
  "Shared Secret value must not be blank"
  what could br the cause?
  Thks
  swami

  This could be related to the browser it sounds like the ACS might not be receiving the Shared Secret from your input.
  The ACS 4.2 does not allow a AAA to be added without a shared secret key.
  CSCsr68278 ACS 4.2 does not allow a blank TACACS+ key
  Make sure that the ACS IP Address is added into your Trusted Sites (IE). You could also try updating to the latest version of Java.

• How to create Secret Key.

  Hi,
  Can any one point me, where I can find to create a Secret Key and store it inside the KeyStore ?
  I am trying to use the w3'c encryption / decryption and I want to create a key which can be compatible to TripleDESCBC or rsa-1_5.
  Since I am new to all these, any pointer will be helpful.
  Thanks in advance,
  -Kalpesh.

  Asuming you have a JCE Provider installed that support 3DES, try this:
  import javax.crypto.*;
  SecretKey generateSecretKey ( String alg ) {
    SecretKey sk = null;          
    try {
      KeyGenerator keyGen = KeyGenerator.getInstance(alg);
      keyGen.init(new SecureRandom());
      sk = (SecretKey)keyGen.generateKey();
      return(sk);
    } catch (Exception e) {
      e.printStackTrace();
      return null;
  }Pass in "DESede/CBC" or "3DES/CBC" for 'alg'. You might also want to specify the pading, depending on the Provider you're using. BouncyCastle is a good open-source JCE provider that supports 3DES.
  Note that RSA is a MUCH different beast - you want a key-PAIR- there, neither half of which is a SecretKey.
  Good luck,
  Grant

• GPG - How to suppress "You need a passphrase to unlock the secret key.."

  Hi,
  I am trying to decrypt a file using gpg decryption command in unix. I am providing the passphrase in the command line. The file gets successfully decrypted but I get the below messages in the command window.
  You need a passphrase to unlock the secret key for
  user: "user" <[email protected]>"
  2048-bit RSA key, ID 123, created 2009-10-27 (main key ID 123)
  gpg: encrypted with 2048-bit RSA key, ID 123, created 2009-10-27
  "[email protected]>"
  I need to suppress all the messages above. I tried using *.sh 2>/dev/null , but this suppress only the 2nd part of the message and I still get the message "You need a passphrase to unlock the secret key ....."
  Can someone please help me in suppressing all the messages above.
  Thanks in advance

  At the top-right of this page, there's a textbox, with the words "Search Forum" over it and "Go>" to its right. Type the wordssave key to disk into it.
  After doing so, it took me 2m30s to to find the following link on the second page of results:
  http://forum.java.sun.com/thread.jsp?forum=9&thread=283282
  I probably should have looked for a better one - I made a couple of mistakes responding to this one last year, so it's a little embarassing. But it does answer your question.
  "Search" - it's very much your friend...
  Good luck,
  Grant

• Secret key cipher for two different Java versions

  Hello All.
  I am trying to make a class that uses secret key encryption/decryption for both v1.18 and v1.3.1. That is the same class needs to be useable on both versions. Is this possible? v1.18 does not recoginize any javax.crypto.*. I was able to get the cipher working the way I wanted in just v1.3.1, but not v1.18.
  Any suggestions would be very appreciated.
  No upgrade at this time is possible.
  Thank you in advance,
  Jen

  You can use BouncyCastle JCE.
  http://www.bouncycastle.org/latest_releases.html
  Add the good jar file corresponding to JDK version,
  and you'll be able to use the same code.

• Error decrypting message

  maybe not the right place to ask this but was trying to download a file and got a "error decrypting message...java io.IOException: unable to decrypt session key"
  what does this mean and how do I fix this
  thanks

  Hi Arun,
  Problem is that B2B is not able to decrypt the incoming message. There could be two possible reasons behind this -
  1. Your TP is not encrypting the message from your client certificate's public key (you should provide your client cert's public key to your TP and ask them to use that for encrypting the messages)
  2. You have not set up the corresponding private key at your B2B (in Host TP configuration and in deliver channel configuration of host TP)
  Please paste the complete log here/mail it to my id.
  Remote trading partner should encrypt the message using your your client cert's public key and you should decrypt it using your private key.
  For this ask your trading partner to encrypt the message using your provided public cert and at your side select the same cert in the delivery channel of your host DC under encryption credential. Make sure that keystore is containing this cert's private key.
  Regards,
  Anuj

• Import/export secret key

  Hello i have a simple program that crypt a string, and i want to
  to know how i can export the secret key.
  My idea is to save a secret string in a file and pass it to the program
  that decrypt the string is it possible ???
  thank
  --sxr                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

  OK. First - PLEASE learn how to use the [ code ] tags when posting samples. I didn't even realize you'd posted two classes until I tried to paste 'em into Eclipse.
  Second - you're...confused. Crypting and Decrypt need to share two things: the ciphertext, and the KEY. The key is not available from the AlgorithmParameters. In Decrypt, you're creating a new key from your ciphertext (?!?)
  Since I had a little spare time, I refactored your code somewhat. The only reason to use AlgorithmParameters is to pass in an InitialValue (IV), which CBC-mode needs. The IV is not sensitive data - it's OK to make it public.
  So I just stuck the same IV into both files. You can extend the concept and store the IV as well, if you like.
  The following classes work:import java.io.DataOutputStream;
  import java.io.File;
  import java.io.FileOutputStream;
  import javax.crypto.Cipher;
  import javax.crypto.KeyGenerator;
  import javax.crypto.SecretKey;
  import javax.crypto.spec.IvParameterSpec;
  public class Crypting {
      private static String Password = "sunray";
      public static void main(String[] argvs) throws Exception {
          // Choose an Initial Value (IV)
          byte[] iv = {
              (byte)0x01, (byte)0x02, (byte)0x03, (byte)0x04,
              (byte)0x05, (byte)0x06, (byte)0x07, (byte)0x08,
          IvParameterSpec ivps = new IvParameterSpec(iv);
          File keyFile = new File("key.txt"); // File that will hold the SecretKey
          File cryptFile = new File("algo.txt"); // File that will hold the ciphertext
          // Creazione del generatore di chiave
          KeyGenerator kgen = KeyGenerator.getInstance("Blowfish");
          SecretKey skey = kgen.generateKey();
          // Creazione della chiave
          byte[] rawKey = skey.getEncoded();
          // Encrypt our data
          Cipher cipher = Cipher.getInstance("BLOWFISH/CBC/PKCS5Padding");
          cipher.init(Cipher.ENCRYPT_MODE, skey, ivps);
          byte[] encrypted = cipher.doFinal(Password.getBytes("UTF8"));
          // Store the KEY
          try {
              DataOutputStream out = new DataOutputStream(new FileOutputStream(keyFile));
              out.write(rawKey, 0, rawKey.length);
              out.close();
          } catch (Throwable e) {
              System.err.println(e);
          // Store the ENCRYPTED DATA
          try {
              DataOutputStream out2 = new DataOutputStream(new FileOutputStream(cryptFile));
              out2.write(encrypted, 0, encrypted.length);
              out2.close();
          } catch (Throwable e) {
              System.err.println(e);
      } // main()
  } //Crypting
  import java.io.DataInputStream;
  import java.io.File;
  import java.io.FileInputStream;
  import java.io.FileNotFoundException;
  import javax.crypto.Cipher;
  import javax.crypto.spec.IvParameterSpec;
  import javax.crypto.spec.SecretKeySpec;
  public class Decrypting {
      public static void main(String[] argv) throws Exception {
          // Choose an Initial Value (IV)
          byte[] iv = {
              (byte)0x01, (byte)0x02, (byte)0x03, (byte)0x04,
              (byte)0x05, (byte)0x06, (byte)0x07, (byte)0x08,
          IvParameterSpec ivps = new IvParameterSpec(iv);
          File keyFile = new File("key.txt"); // Where's the key?
          File cryptFile = new File("algo.txt"); // Where's the data?
          byte[] ciphertext = null; //ciphertext
          byte[] rawKey = null; // key data
          // Read the KEY BYTES
          try {
              DataInputStream in = new DataInputStream(new FileInputStream(keyFile));
              rawKey = new byte[(int)keyFile.length()];
              in.readFully(rawKey);
              in.close();
          } catch (FileNotFoundException e) {
              System.err.println(e);
          // Read the ENCRYPTED DATA
          try {
              DataInputStream in2 = new DataInputStream(new FileInputStream(cryptFile));
              ciphertext = new byte[(int)cryptFile.length()];
              in2.readFully(ciphertext);
              in2.close();
          } catch (FileNotFoundException e) {
              System.err.println(e);
          //make a key object
          SecretKeySpec key = new SecretKeySpec(rawKey, "Blowfish");
          //make a cipher object
          Cipher cipher = Cipher.getInstance("BLOWFISH/CBC/PKCS5Padding");
          cipher.init(Cipher.DECRYPT_MODE, key, ivps);
          // Decrypt the DATA with the KEY
          byte[] original = cipher.doFinal(ciphertext);
          // Spit out the decrypted data
          String originalString = new String(original, "UTF8");
          System.out.println("\nPassword: " + originalString);
      } // main()
  } // DEcrypt classYou really need to do some reading on how crypto works, if you mean to get past this point.
  Good luck,
  Grant

• Encrypting secret key twice

  Hi.
  I would like to exchange a secret key between two parties (client, server).
  Each has the other's public key certificate, and his own private key.
  I do the following:
  1) Server generates session (symmetric) key.
  2) Server encrypts session key with own private key.
  3) Server encrypts output of (2) with client's public key.
  Client should do the cryptographic opposite, and from thereon, shared session key is used to encrypt data.
  My problem is that I am getting the following:
  javax.crypto.IllegalBlockSizeException "Data must not be longer than 117 bytes"
  I don't want to use Diffie-Helman (otherwise keyAgreement would have done just fine).
  I've tried using Cipher.wrap, SealedObject. Same problem.
  Your help would be appreciated.
  Thanks,
  Yaron Rosenbaum

  I would like to exchange a secret key between two parties (client, server).
  Each has the other's public key certificate, and his own private key.
  I do the following:
  1) Server generates session (symmetric) key.OK.
  2) Server encrypts session key with own private key.That doesn't make sense, unless you mean the server signs the session key with its own private key.
  But why sign the session key?
  3) Server encrypts output of (2) with client's public key.
  Client should do the cryptographic opposite, and from
  thereon, shared session key is used to encrypt data.
  My problem is that I am getting the following:
  javax.crypto.IllegalBlockSizeException "Data must not be longer than 117 bytes"
  That is what I would expect. In general, even with no padding, you cannot guarantee unique decryption
  if the first modulus is greater than the second.

• Secret key getting corrupted

  Hi All,
  Can anyone please help me in finding the possibilities of a secret key getting corrupted??
  Encryption Algorithm used :- Blowfish
  Instance of SecretKeyFactory :- PBEWithMD5AndDES
  Also, are there any chances wherein, the secret key generated varies ( probably in length ); even though same data is used for key construction??
  Thanks in advance!!!!

  Hi Sabre,
  Below is the CryptoWrapper class:
  import java.security.*;
  import javax.crypto.*;
  import javax.crypto.spec.*;
  * A class to simplify doing encryption & decryption.
  * <P>
  * Note that it acts immediately; you <B>CANNOT</B> use this as a stream cipher wrapper.
  public class CryptoWrapper{
      private static KeyGenerator keygen;
      private static Cipher cipher;
      private String transform;
       * Creates a crypto wrapper with sensible defaults; does <B>NOT</B> add a provider.
       * Default transformation is "Blowfish".
       * @return a wrapper for the required cipher.
      public CryptoWrapper() throws NoSuchAlgorithmException, NoSuchPaddingException{
          this("Blowfish", null);
       * Creates a crypto wrapper with sensible defaults; does <B>NOT</B> add a provider.
       * @param transformation the name of the transformation (e.g. <I>"Blowfish"</I>).
       * @return a wrapper for the required cipher.
      public CryptoWrapper(String transformation) throws NoSuchAlgorithmException,
                                                         NoSuchPaddingException{
          this(transformation, null);
       * Creates a CryptoWrapper with the given transformation name and crypto provider.
       * @param transformation the name of the transformation (e.g. <I>"Blowfish"</I>).
       * @param provider a crypto provider (e.g. <I>com.sun.crypto.provider.SunJCE</I>).  If null, no provider added.
       * @return a wrapper for the required cipher.
      public CryptoWrapper(String transformation, Provider provider) throws NoSuchAlgorithmException,
                                                                            NoSuchPaddingException{
          if (null != provider){
              Security.addProvider(provider);
          // can't happen until after the provider's loaded
          this.cipher = Cipher.getInstance(transformation);
          this.transform = transformation;
          if (null == this.keygen){
              this.keygen = KeyGenerator.getInstance(transformation);
       * Example to encrypt and decrypt a string.
       * <P>
       * Usage: <B>java CryptoWrapper <text to be encrypted></B>
      public static void main(String[] args){
          try{
              CryptoWrapper bw = new CryptoWrapper("Blowfish",
                                                   new com.sun.crypto.provider.SunJCE());
              SecretKey key = CryptoWrapper.generateSecretKey(128);
              String plaintext = "";
              String ciphertext;
              String outputtext;
              byte[] plaintext_bytes;
              byte[] ciphertext_bytes;
              byte[] outputtext_bytes;
              for (int i = 0; i < args.length; i++){
                  plaintext = plaintext + " " + args;
  plaintext_bytes = plaintext.getBytes();
  ciphertext_bytes = bw.encrypt(plaintext_bytes, key);
  ciphertext = new String(ciphertext_bytes);
  outputtext_bytes = bw.decrypt(ciphertext_bytes, key);
  outputtext = new String(outputtext_bytes);
  catch (BadPaddingException bp){
  catch (IllegalBlockSizeException ibs){
  catch (InvalidKeyException ie){
  catch (NoSuchAlgorithmException nsa){
  catch (NoSuchPaddingException nsp){
  * Creates a secret key of the given size.<BR>
  * Note: synchronized against the key generator object.
  * @param keysize The size (<B>in bits</B>) of the key.
  * @return The secret key.
  public static synchronized SecretKey generateSecretKey(int keysize)
  throws InvalidParameterException{
  keygen.init(keysize);
  return keygen.generateKey();
  * Decrypts the given byte array using the given cipher, with the given key.<BR>
  * Note: synchronized against the cipher object.
  * @param ciphertext An array of bytes to decode.
  * @param key A secret key for use in decryption.
  * @return The decrypted byte array.
  public byte[] decrypt(byte[] ciphertext, SecretKey key) throws BadPaddingException,
  IllegalBlockSizeException,
  InvalidKeyException,
  NoSuchAlgorithmException,
  NoSuchPaddingException{
  SecretKeySpec sks = new SecretKeySpec(key.getEncoded(),
  this.transform);
  synchronized (this.cipher){ // this resets the state of the cipher, so we must prevent concurrent access
  this.cipher.init(Cipher.DECRYPT_MODE, sks);
  return this.cipher.doFinal(ciphertext);
  * Encrypts the given byte array using the given cipher, with the given key.<BR>
  * Note: synchronized against the cipher object.
  * @param plaintext An array of bytes to encode.
  * @param key A secret key for use in encryption.
  * @return The encrypted byte array.
  public byte[] encrypt(byte[] plaintext, SecretKey key) throws NoSuchAlgorithmException,
  NoSuchPaddingException,
  BadPaddingException,
  InvalidKeyException,
  IllegalBlockSizeException{
  SecretKeySpec sks = new SecretKeySpec(key.getEncoded(),
  this.transform);
  synchronized (this.cipher){ // this resets the state of the cipher, so must prevent concurrent access
  this.cipher.init(Cipher.ENCRYPT_MODE, sks);
  return this.cipher.doFinal(plaintext);
  }Below is the hexStringToByteArrayConverter:public byte [] hexStringToByteArray(String hexStr) throws BadPasswordException{
       int length = hexStr.length();
       if(length%2!=0)
            throw new BadPasswordException("Bad hex string password!");
       int [] x = new int[length];
       int btLen = length/2;
       byte[] bt = new byte[btLen];
       for(int i=0;i<length;i++)
       x[i] = Character.getNumericValue(hexStr.charAt(i));
       if(i%2==1)
            int y = x[i-1]*16 + x[i];
            bt[(i-1)/2] = (byte)y;
       return bt;

• Please Help!! I deleted the folder System en Macintosh HD and now when i on my mac it says Disk Error Press Any  Key To Restart Please HELP !!

  I deleted the folder System en Macintosh HD and now when i on my mac it says Disk Error Press Any  Key To Restart Please HELP !!

  Reinstall Mac OS X.
  (59450)

• Exchange Connector 3.0 (Hotfix Release) Error - Error Message=The key value of an object cannot be changed.

  Hello,
  I am running Service Manager 2012 with the Exchange Connector 3.0 RTM (Re-release Version).  The issue I have is that when an e-mail is processed that is trying to update the status or event log of an incident, the Exchange Connector encounters an error
  and will not update the object.  The Operations Manager log denotes: 
  Exchange Connector: Unable to process mail item. Subject="Close Ticket: [IRXXXXX]", Error Message=The key value of an object cannot be changed.
  This will happen on a seemingly random selection of Incident work items.  I cannot correlate them with a specific template, exchange connector, or incident tier queue that could be causing the issue.  I can recreate the way a specific ticket
  was created and update it through e-mail without issue, and the next ticket can cause the error to trigger. 
  I have already opened a Microsoft Support Case using our Software Assurance agreement.  After a few months of troubleshooting the issue and trying different fixes, Microsoft support said they were unable to fix the problem and that we would need to
  purchase Premier support to go further. At this point I thought I would reach out to the community for ideas.
  The setup I have for the Exchange connectors is as follows.
  I have three separate Exchange connectors set up to three different mailboxes.  One Exchange connector processes external support tickets and applies a specific template.  Another processes client support tickets and applies a different template. 
  And the last Exchange connector processes internal tickets and also processes the updates of tickets created by the other two exchange connectors. 
  Here are the fixes I've attempted so far:
  1.  Changed the templates that each Exchange connector applies.
  2.  Changed the management pack that each template is stored in.
  3.  Checked my management pack(s) for extended classes by searching for Extension="true" (This was also checked by Microsoft support)
  4.  Deleted each Exchange connector and recreated each connector
  5.  Deleted each Exchange connector, deleted the management pack, and reinstalled the management pack and connectors
  6.  Repeated Step 5, deleted Microsoft.SystemCenter.ExchangeConnector.dll and Microsoft.SystemCenter.ExchangeConnector.resources.dll and then installed the Exchange connector Re-release version 3.0 Published 10/7/2013 (which is supposed to address this
  issue)
  7.  Deleted the HealthServiceState folder and restarted the Management Service
  I'm not really sure what to do at this point.  I've put many hours into customizing my installation to get it working for my organization so reformatting and starting from scratch would be a nightmare scenario.  This environment is in production.
  I do have a band-aid in place using Orchestrator.  Basically I have a monitor task searching for the error message and when it finds one it searches the mailbox for the offending e-mail and applies either the Resolve or Close status change that is requested
  from the user.  However, I do not have it working to update the ticket if a comment is applied to the incident.  If anyone is in this position and needs to know how to apply this Orchestrator task I am willing to provide my workflow.
  I am new to the community and am already impressed with the amount of help and effort there is in this forum.  I appreciate in advance any help that is provided and am open to any ideas at this point.  I can post more information as needed.
  Thank you,
  John

  Yes that is the whole template.  However, I did confirm that this is only happening to incidents where either of two situations triggers a runbook to fire and modify the incident.  When I remove the activity from the incident it does clear the
  issue.  For some background the first Runbook Activity set's the first response date when an incident is resolved if the first response value is null.  The second assigns the incident to a user upon creation if the title contains assignto:username;
  1.)
  <ObjectTemplate ID="Template.d33b5bbcaf3c49b18d8b72bc1e5e1ee4" TypeID="IncidentManagement!System.WorkItem.Incident.ProjectionType">
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Incident_Library!System.WorkItem.Incident']/Escalated$">False</Property>
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Incident_Library!System.WorkItem.Incident']/NeedsKnowledgeArticle$">False</Property>
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Incident_Library!System.WorkItem.Incident']/HasCreatedKnowledgeArticle$">False</Property>
  <Object Path="$Context/Path[Relationship='CustomSystem_WorkItem_Activity_Library!System.WorkItemContainsActivity' TypeConstraint='CustomMicrosoft_SystemCenter_Orchestrator!Microsoft.SystemCenter.Orchestrator.RunbookAutomationActivity']$">
  <Property Path="$Context/Property[Type='CustomMicrosoft_SystemCenter_Orchestrator!Microsoft.SystemCenter.Orchestrator.RunbookAutomationActivity.Base']/RunbookId$">4085f0da-ab83-48e5-bbe3-1f3b5fa2dc4a</Property>
  <Property Path="$Context/Property[Type='CustomMicrosoft_SystemCenter_Orchestrator!Microsoft.SystemCenter.Orchestrator.RunbookAutomationActivity.Base']/TemplateId$">Template.d33b5bbcaf3c49b18d8b72bc1e5e1ee4</Property>
  <Property Path="$Context/Property[Type='CustomMicrosoft_SystemCenter_Orchestrator!Microsoft.SystemCenter.Orchestrator.RunbookAutomationActivity.Base']/IsReadyForAutomation$">True</Property>
  <Property Path="$Context/Property[Type='CustomMicrosoft_SystemCenter_Orchestrator!Microsoft.SystemCenter.Orchestrator.RunbookAutomationActivity.Base']/PropertyMapping$">&lt;?xml version="1.0" encoding="utf-16"?&gt;
  &lt;ParameterMapping xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"&gt;
  &lt;ParameterList&gt;
  &lt;RunbookParameterItem&gt;
  &lt;Name&gt;Get RA Guid&lt;/Name&gt;
  &lt;Id&gt;344b15effc1a44528e517c5b4227179c&lt;/Id&gt;
  &lt;Type&gt;String&lt;/Type&gt;
  &lt;Value&gt;Generic::Id&lt;/Value&gt;
  &lt;Direction&gt;In&lt;/Direction&gt;
  &lt;ContextInfo /&gt;
  &lt;/RunbookParameterItem&gt;
  &lt;/ParameterList&gt;
  &lt;RunbookId&gt;4085f0da-ab83-48e5-bbe3-1f3b5fa2dc4a&lt;/RunbookId&gt;
  &lt;/ParameterMapping&gt;</Property>
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Activity_Library!System.WorkItem.Activity']/ChildId$">1906</Property>
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Activity_Library!System.WorkItem.Activity']/Status$">$MPElement[Name='CustomSystem_WorkItem_Activity_Library!ActivityStatusEnum.Active']$</Property>
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Activity_Library!System.WorkItem.Activity']/Skip$">False</Property>
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Library!System.WorkItem']/Title$">Set First Response on Resolve</Property>
  </Object>
  </ObjectTemplate>
  2.)
  <ObjectTemplate ID="Template.b311e1f9126e4e19bbbbeb65ddb220ba" TypeID="IncidentManagement!System.WorkItem.Incident.ProjectionType">
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Incident_Library!System.WorkItem.Incident']/Escalated$">False</Property>
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Incident_Library!System.WorkItem.Incident']/Status$">$MPElement[Name='CustomSystem_WorkItem_Incident_Library!IncidentStatusEnum.Active']$</Property>
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Incident_Library!System.WorkItem.Incident']/NeedsKnowledgeArticle$">False</Property>
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Incident_Library!System.WorkItem.Incident']/HasCreatedKnowledgeArticle$">False</Property>
  <Object Path="$Context/Path[Relationship='CustomSystem_WorkItem_Activity_Library!System.WorkItemContainsActivity' TypeConstraint='CustomMicrosoft_SystemCenter_Orchestrator!Microsoft.SystemCenter.Orchestrator.RunbookAutomationActivity']$">
  <Property Path="$Context/Property[Type='CustomMicrosoft_SystemCenter_Orchestrator!Microsoft.SystemCenter.Orchestrator.RunbookAutomationActivity.Base']/RunbookId$">ca88b13b-861a-4d39-a3cb-fd912d951e35</Property>
  <Property Path="$Context/Property[Type='CustomMicrosoft_SystemCenter_Orchestrator!Microsoft.SystemCenter.Orchestrator.RunbookAutomationActivity.Base']/TemplateId$">Template.b311e1f9126e4e19bbbbeb65ddb220ba</Property>
  <Property Path="$Context/Property[Type='CustomMicrosoft_SystemCenter_Orchestrator!Microsoft.SystemCenter.Orchestrator.RunbookAutomationActivity.Base']/IsReadyForAutomation$">True</Property>
  <Property Path="$Context/Property[Type='CustomMicrosoft_SystemCenter_Orchestrator!Microsoft.SystemCenter.Orchestrator.RunbookAutomationActivity.Base']/PropertyMapping$">&lt;?xml version="1.0" encoding="utf-16"?&gt;
  &lt;ParameterMapping xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"&gt;
  &lt;ParameterList&gt;
  &lt;RunbookParameterItem&gt;
  &lt;Name&gt;RA Activity GUID&lt;/Name&gt;
  &lt;Id&gt;5677d117a0294a2c898a695032f26c72&lt;/Id&gt;
  &lt;Type&gt;String&lt;/Type&gt;
  &lt;Value&gt;Generic::Id&lt;/Value&gt;
  &lt;Direction&gt;In&lt;/Direction&gt;
  &lt;ContextInfo /&gt;
  &lt;/RunbookParameterItem&gt;
  &lt;/ParameterList&gt;
  &lt;RunbookId&gt;ca88b13b-861a-4d39-a3cb-fd912d951e35&lt;/RunbookId&gt;
  &lt;/ParameterMapping&gt;</Property>
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Activity_Library!System.WorkItem.Activity']/ChildId$">1120</Property>
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Activity_Library!System.WorkItem.Activity']/Status$">$MPElement[Name='CustomSystem_WorkItem_Activity_Library!ActivityStatusEnum.Active']$</Property>
  <Property Path="$Context/Property[Type='CustomSystem_WorkItem_Activity_Library!System.WorkItem.Activity']/Skip$">False</Property>
  <Property Path="$Context/Property[Type='WorkItem!System.WorkItem']/Title$">Execute Orchestrator IR - Autoassign</Property>
  </Object>
  </ObjectTemplate>

• Regedit Permissions -"Access Denied" or "Error while deleting key" EVEN AS ADMIN!

  Anyone tried deleting a registry key in Windows 7?  Got "access denied" or "Error while deleting key"?
  The usual response is, "You need to run regedit as an administrator".  but I *AM* logged in as Administrator, and running regedit as administrator, trying to assign administrator full permissions on that registry key in order to delete it!!  
  Am I mistaken, or isn't Administrator supposed to be able to administer and control all the settings on the computer, in order to set it up for the "Average Joe" user?
  So, under the permissions menu of that key, go to advanced, change the owner from System to Administrator, and try again.  It's no longer saying "access denied", but "Cannot delete xxxxxx. Error while deleting key".
  The scenario: Basically, the wireless has stopped working on a laptop. The device does not show up in Device Manager, but is in the registry, so the normal procedure is to delete the registry entry for the device in HKLM/System/CurrentControlSet (and /ControlSet001) /Enum/PCI    ,then attach the device or restart the computer, it finds the "new" hardware and reinstalls it. Easy!...
  Not with permission restrictions on the administrator account it's not!  So I need to give myself permission, to give myself permission, to do a simple task like delete a single registry key!  Why, Microsoft, why???!!!  Please just make the Administrator account a hidden "God mode" account that can do anything, and make the lives of us techies much easier in the process!  
  /RANT
  Now, where did I put that XP disc?!....

  Hi,
  I explain you:
  Administrator does not mean "you get all rights to do anything." Administrator happens to be an account (or in your case, most likely the Local Administrators group) which by default is given some sensitive privileges like SeDebugPrivilege and
  similar. However, as far as the security subsystem is concerned, it is just an account. (Very much unlike root in
  Unix-like operating systems) If you aren't the owner of the key in question, and your account does not have WRITE_DAC access
  to the registry key in question, then you won't be able to change the access control list on the key in question.
  Try taking ownership first. By default, the local administrators group has SeTakeOwnershipPrivilege,
  which allows taking ownership of any object even without the WRITE_OWNER permission
  being granted by the object's discretionary access control list. Once you are the owner, you should be implicitly granted READ_CONTROL (which
  allows you to read the security descriptor on the object in question), and WRITE_DAC (which
  allows you to write to the DACL on the key in question). (Assuming the OWNER_RIGHTS SID
  isn't in use; that's extremely unlikely)